dnssec key events too often?
Mark Andrews
marka at isc.org
Fri Jan 27 19:53:48 UTC 2017
In message <efe6ef1f-a24e-0000-340c-64de590e86f7 at s-carlsen.dk>, Sten Carlsen writes:
>
> Hi all
>
> I have recently started using dnssec on my authoritative zones. I have
> bind 9.9.4 (Centos7).
>
> I see for each zone:
>
> ...
>
> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 02:03:40.860: 1 Time
> (s)
> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 03:03:40.860: 1 Time
> (s)
> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 04:03:40.860: 1 Time
> (s)
> general: info: zone s-carlsen.dk/IN/external (signed): next key event: 26-Jan-2017 05:03:40.861: 1 Time
> (s)
>
> ...
>
> This happens every hour, I think this is probably way too often? Access to the name in question is probably
> a few times pr. day.
>
> The only reasonable conclusion is that I have done something stupid or not done the right thing.
>
> Question: what stupid thing might I have done (how to fix?) or what did
> I miss to do?
Nothing. You have key management in automatic mode and named needs
to periodically check if you have created new keys or changed the
timers of existing keys or removed a old key.
Mark
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
> "MALE BOVINE MANURE!!!"
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list